[Mailman-Users] Security consequences of adding www user to mailman group

James Riendeau jtriende at wisc.edu
Thu Dec 18 16:08:36 CET 2008

I need to run bin/add_member in our Mailman 2.1.11 list server  
installation from a cgi/perl script.  Normally, it has to run as  
root.   The easy solution was to add the www user to the mailman  
group.  You can then:

open(LISTSERVER, '|/usr/local/mailman/bin/add_members -r- '.$list_name);
print LISTSERVER $email;

My question is are there any security consequences from adding the  
Apache2 user to the mailman group I should be aware of.  I don't want  
to inadvertently allow spammers to add themselves to our lists.  The  
cgi script that I'm using is well protected by pubcookie and ip  
restriction to ensure that only authorized administrators can add new  


James Riendeau
MMI Computer Support Technician
Rm. 1541, Dept. of MedMicro
1550 Linden Drive
Madison, WI  53706-1521

Phone: (608) 262-3351
After-hours Phone: (608) 260-2696
Fax: (608) 262-8418
Email: jtriende at wisc.edu

More information about the Mailman-Users mailing list